Trend Micro and Symantec came next in our exploit testing. Neither identified nor blocked a single client exploit. Trend Micro support personnel indicated that the HIPS protection it licensed from Third Brigade (as well as the protections offered by other vendors) is often configured by default to look for browser exploits only on TCP ports 80 and 8080. Again, independent of our scoring, we tweaked our test to verify this claim, and Trend Micro did detect our attacks on those ports. Administrators can add lists of additional ports for browser and other HTTP-related defenses. Ideally, an admin would configure the endpoint security suite so it monitored for HTTP and HTTPS attacks on all ports allowed out through the enterprise's network firewall. In many organizations, unfortunately, the number of ports allowed outbound is rather high and changes on a regular basis, making this synchronization of network firewall and endpoint security tool difficult.
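The port-synchronization problem described above, as an added example (not from the original article or any vendor): a Python check that lists the outbound TCP ports the firewall permits but the endpoint suite's HTTP inspection does not watch. The comma-separated port format, the function names and the sample firewall list are assumptions; the 80 and 8080 default is the one the article reports.

```python
# Added example: find outbound TCP ports the firewall allows but the
# endpoint HTTP inspection does not watch. Input format is an assumption.

DEFAULT_HIPS_HTTP_PORTS = "80,8080"  # default described in the article


def parse_ports(spec):
    """Parse '80,443,8000-8100' into a set of valid TCP port numbers."""
    ports = set()
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        low, _, high = item.partition("-")
        start = int(low)
        end = int(high) if high else start
        if not (1 <= start <= end <= 65535):
            raise ValueError(f"invalid port range: {item!r}")
        ports.update(range(start, end + 1))
    return ports


def to_ranges(ports):
    """Collapse a set of ports into sorted (start, end) tuples."""
    ranges = []
    for port in sorted(ports):
        if ranges and port == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], port)
        else:
            ranges.append((port, port))
    return ranges


def coverage_gap(firewall_outbound, hips_monitored=DEFAULT_HIPS_HTTP_PORTS):
    """Ports allowed out by the firewall that HTTP inspection ignores."""
    gap = parse_ports(firewall_outbound) - parse_ports(hips_monitored)
    return to_ranges(gap)


def format_ranges(ranges):
    """Render (start, end) tuples back into a compact port list."""
    return ",".join(str(a) if a == b else f"{a}-{b}" for a, b in ranges)


if __name__ == "__main__":
    # Constructed sample: outbound TCP ports permitted at the perimeter.
    firewall = "80,443,8000-8100,8443"
    print("Unmonitored outbound ports:", format_ranges(coverage_gap(firewall)))
```

Rerunning the check whenever the firewall's outbound rules change gives the list of ports to add to the endpoint suite's HTTP port configuration.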
Both Trend Micro and Symantec detected and blocked all of our services exploits, but neither detected our zero-day attack.
CA fared worst of the seven products in this series of tests, failing on most. It didn't detect or block any of the client exploits with its default security policy. Although not part of the scoring, we experimented with its "Restrictive Policy," which did block all of the exploits, but also prevented Firefox from accessing the network.
The next set of results was, if anything, poorer, as CA did not alert on or block our services exploits, even when we applied Restrictive Policy.
The one success was that CA detected and blocked our zero-day exploit under default policy.
REPORTING
We evaluated each product's reporting functionality, used to pull information such as long-term attack and infection trends, policy compliance information, and lists of the most problematic groups of machines. In particular, we looked at comprehensiveness, flexibility and ease of use.
ENDPOINTS | Reporting
The good news
McAfee ePO's reporting features are excellent, including more than 70 different reports that break down all aspects of the enterprise.
The bad news
Sophos' reporting capabilities are quite skimpy. Only about a dozen reports are available.